﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web.Mvc;
using Yunwei.Core.MVC;

namespace Yunwei.Core.Permission
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
    public class AuthorizeFilterAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }
            if (!filterContext.IsChildAction)
            {
                object[] customAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(ActionPermissionAttribute), true);
                if (customAttributes.Length > 0)
                {
                    ActionPermissionAttribute actionPermissionAttribute = customAttributes[0] as ActionPermissionAttribute;
                    if (actionPermissionAttribute.AllowAnonymous)
                    {
                        return;
                    }
                }
                UserInfo userInfo = System.Web.HttpContext.Current.Session["Yunwei_UserLogin"] as UserInfo;
                if (userInfo == null)
                {
                    filterContext.Result = new HttpUnauthorizedResult();
                }
                else if (!userInfo.IsAdmin)
                {
                    string text = filterContext.RouteData.Values["controller"].ToString();
                    string text2 = filterContext.RouteData.Values["action"].ToString();
                    string text3 = (string)filterContext.RouteData.DataTokens["Area"];
                    if (text3 == null)
                    {
                        text3 = "";
                    }
                    else
                    {
                        text3 = "/" + text3;
                    }
                    string text4 = string.Concat(new string[]
					{
						text3,
						"/",
						text,
						"/",
						text2
					});
                    text4 = text4.ToLower();
                    if (!userInfo.Permissions.Contains(text4))
                    {
                        //Log.WarnFormat("验证权限:controllerName={0},actionName={1}", new object[]
                        //{
                        //    text,
                        //    text2
                        //});

                        if (filterContext.RequestContext.HttpContext.Request.Headers.Get("X-Requested-With") == null)
                        {
                            ViewResult viewResult = new ViewResult();
                            viewResult.ViewName = "Error404";
                            ViewResult result = viewResult;
                            filterContext.Result = result;
                            filterContext.HttpContext.Response.Clear();
                            filterContext.HttpContext.Response.StatusCode = 403;
                            filterContext.HttpContext.Response.TrySkipIisCustomErrors = true;
                        }
                        else
                        {
                            filterContext.Result = JsonNetResult.Error("没有访问权限。", 403, 1);
                        }
                    }
                }
            }
        }
    }
}
